memory leaks

author: netblue30 <netblue30@yahoo.com> 2018-08-28 08:46:37 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-08-28 08:46:37 -0400
commit: 74b564d1c9511d85c46e1d263eb94825de4a1157 (patch)
tree: f1068faa3cbf503eb5bf62e0ed7a89c46324050e
parent: apparmor: disable exec from home by default (diff)
download: firejail-74b564d1c9511d85c46e1d263eb94825de4a1157.tar.gz
firejail-74b564d1c9511d85c46e1d263eb94825de4a1157.tar.zst
firejail-74b564d1c9511d85c46e1d263eb94825de4a1157.zip
5 files changed, 19 insertions, 6 deletions
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
index 71b39390e..de2b8cfa2 100644
--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -144,6 +144,8 @@ void fix_desktop_files(char *homedir) {
                perror("opendir");
                fprintf(stderr, "Warning: cannot access /usr/share/applications directory, desktop files fixing skipped...\n");
                free(user_apps_dir);
+                if (dir)
+                        closedir(dir);
                return;
        }
@@ -266,12 +268,16 @@ void fix_desktop_files(char *homedir) {
                if (stat(outname, &sb) == 0) {
                        printf("   %s skipped: file exists\n", filename);
+                        if (change_exec)
+                                free(change_exec);
                        continue;
                }
                FILE *fpin = fopen(filename, "r");
                if (!fpin) {
                        fprintf(stderr, "Warning: cannot open /usr/share/applications/%s\n", filename);
+                        if (change_exec)
+                                free(change_exec);
                        continue;
                }
@@ -279,6 +285,8 @@ void fix_desktop_files(char *homedir) {
                if (!fpout) {
                        fprintf(stderr, "Warning: cannot open ~/.local/share/applications/%s\n", outname);
                        fclose(fpin);
+                        if (change_exec)
+                                free(change_exec);
                        continue;
                }
                fprintf(fpout, "# converted by firecfg\n");
diff --git a/src/firejail/cmdline.c b/src/firejail/cmdline.c
index ce1e281a5..1fe5a2398 100644
--- a/src/firejail/cmdline.c
+++ b/src/firejail/cmdline.c
@@ -208,4 +208,5 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
        // free strdup
        free(tmp1);
+        free(command_line_tmp);
 }
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 602985b4e..9b68b6753 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -371,10 +371,13 @@ void fs_whitelist(void) {
                // resolve macros
                if (is_macro(dataptr)) {
-                        char *tmp = resolve_macro(dataptr);
+                        char *tmp = resolve_macro(dataptr); // returns allocated mem
-                        if (tmp != NULL)
+                        if (tmp != NULL) {
-                                tmp = parse_nowhitelist(nowhitelist_flag, tmp);
+                                char *tmp1 = parse_nowhitelist(nowhitelist_flag, tmp);
+                                assert(tmp1);
+                                free(tmp);
+                                tmp = tmp1;
+                        }
                        if (tmp) {
                                entry->data = tmp;
                                dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index 94c60687f..5a1e34080 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -74,7 +74,8 @@ printf("\n");
        close(fd);
        return 0;
 errexit:
-        close(fd);
+        if (fd != -1)
+                close(fd);
        fprintf(stderr, "Error: cannot read %s\n", fname);
        exit(1);
diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c
index 0ccb74b10..6d2c8c695 100644
--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -31,7 +31,7 @@ static void load_seccomp(void) {
        if (fd == -1)
                return;
-        int size = lseek(fd, 0, SEEK_END);
+        off_t size = lseek(fd, 0, SEEK_END);
        unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
        struct sock_filter *filter = MAP_FAILED;
        if (size != 0)
author	netblue30 <netblue30@yahoo.com>	2018-08-28 08:46:37 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-08-28 08:46:37 -0400
commit	74b564d1c9511d85c46e1d263eb94825de4a1157 (patch)
tree	f1068faa3cbf503eb5bf62e0ed7a89c46324050e
parent	apparmor: disable exec from home by default (diff)
download	firejail-74b564d1c9511d85c46e1d263eb94825de4a1157.tar.gz firejail-74b564d1c9511d85c46e1d263eb94825de4a1157.tar.zst firejail-74b564d1c9511d85c46e1d263eb94825de4a1157.zip

diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c index 71b39390e..de2b8cfa2 100644 --- a/src/firecfg/desktop_files.c +++ b/src/firecfg/desktop_files.c
@@ -144,6 +144,8 @@ void fix_desktop_files(char *homedir) {
144	perror("opendir");	144	perror("opendir");
145	fprintf(stderr, "Warning: cannot access /usr/share/applications directory, desktop files fixing skipped...\n");	145	fprintf(stderr, "Warning: cannot access /usr/share/applications directory, desktop files fixing skipped...\n");
146	free(user_apps_dir);	146	free(user_apps_dir);
		147	if (dir)
		148	closedir(dir);
147	return;	149	return;
148	}	150	}
149		151
@@ -266,12 +268,16 @@ void fix_desktop_files(char *homedir) {
266		268
267	if (stat(outname, &sb) == 0) {	269	if (stat(outname, &sb) == 0) {
268	printf(" %s skipped: file exists\n", filename);	270	printf(" %s skipped: file exists\n", filename);
		271	if (change_exec)
		272	free(change_exec);
269	continue;	273	continue;
270	}	274	}
271		275
272	FILE *fpin = fopen(filename, "r");	276	FILE *fpin = fopen(filename, "r");
273	if (!fpin) {	277	if (!fpin) {
274	fprintf(stderr, "Warning: cannot open /usr/share/applications/%s\n", filename);	278	fprintf(stderr, "Warning: cannot open /usr/share/applications/%s\n", filename);
		279	if (change_exec)
		280	free(change_exec);
275	continue;	281	continue;
276	}	282	}
277		283
@@ -279,6 +285,8 @@ void fix_desktop_files(char *homedir) {
279	if (!fpout) {	285	if (!fpout) {
280	fprintf(stderr, "Warning: cannot open ~/.local/share/applications/%s\n", outname);	286	fprintf(stderr, "Warning: cannot open ~/.local/share/applications/%s\n", outname);
281	fclose(fpin);	287	fclose(fpin);
		288	if (change_exec)
		289	free(change_exec);
282	continue;	290	continue;
283	}	291	}
284	fprintf(fpout, "# converted by firecfg\n");	292	fprintf(fpout, "# converted by firecfg\n");


diff --git a/src/firejail/cmdline.c b/src/firejail/cmdline.c index ce1e281a5..1fe5a2398 100644 --- a/src/firejail/cmdline.c +++ b/src/firejail/cmdline.c
@@ -208,4 +208,5 @@ void build_appimage_cmdline(char command_line, char window_title, int argc,
208		208
209	// free strdup	209	// free strdup
210	free(tmp1);	210	free(tmp1);
		211	free(command_line_tmp);
211	}	212	}


diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 602985b4e..9b68b6753 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c
@@ -371,10 +371,13 @@ void fs_whitelist(void) {
371		371
372	// resolve macros	372	// resolve macros
373	if (is_macro(dataptr)) {	373	if (is_macro(dataptr)) {
374	char *tmp = resolve_macro(dataptr);	374	char *tmp = resolve_macro(dataptr); // returns allocated mem
375	if (tmp != NULL)	375	if (tmp != NULL) {
376	tmp = parse_nowhitelist(nowhitelist_flag, tmp);	376	char *tmp1 = parse_nowhitelist(nowhitelist_flag, tmp);
377		377	assert(tmp1);
		378	free(tmp);
		379	tmp = tmp1;
		380	}
378	if (tmp) {	381	if (tmp) {
379	entry->data = tmp;	382	entry->data = tmp;
380	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;	383	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;


diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c index 94c60687f..5a1e34080 100644 --- a/src/fsec-print/main.c +++ b/src/fsec-print/main.c
@@ -74,7 +74,8 @@ printf("\n");
74	close(fd);	74	close(fd);
75	return 0;	75	return 0;
76	errexit:	76	errexit:
77	close(fd);	77	if (fd != -1)
		78	close(fd);
78	fprintf(stderr, "Error: cannot read %s\n", fname);	79	fprintf(stderr, "Error: cannot read %s\n", fname);
79	exit(1);	80	exit(1);
80		81


diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c index 0ccb74b10..6d2c8c695 100644 --- a/src/libpostexecseccomp/libpostexecseccomp.c +++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -31,7 +31,7 @@ static void load_seccomp(void) {
31	if (fd == -1)	31	if (fd == -1)
32	return;	32	return;
33		33
34	int size = lseek(fd, 0, SEEK_END);	34	off_t size = lseek(fd, 0, SEEK_END);
35	unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);	35	unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
36	struct sock_filter *filter = MAP_FAILED;	36	struct sock_filter *filter = MAP_FAILED;
37	if (size != 0)	37	if (size != 0)